From 90635ad216f7658990dbd61eb209ecc65a9f28e0 Mon Sep 17 00:00:00 2001 From: =Corey Hulen Date: Thu, 1 Oct 2015 18:15:40 -0700 Subject: Fixing issue with being logged into other team --- web/web.go | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) (limited to 'web/web.go') diff --git a/web/web.go b/web/web.go index 83b59ead4..31101fa89 100644 --- a/web/web.go +++ b/web/web.go @@ -319,6 +319,10 @@ func logout(c *api.Context, w http.ResponseWriter, r *http.Request) { func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) { params := mux.Vars(r) name := params["channelname"] + teamName := params["team"] + + var team *model.Team + teamChan := api.Srv.Store.Team().Get(c.Session.TeamId) var channelId string if result := <-api.Srv.Store.Channel().CheckPermissionsToByName(c.Session.TeamId, name, c.Session.UserId); result.Err != nil { @@ -328,6 +332,19 @@ func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) { channelId = result.Data.(string) } + if tResult := <-teamChan; tResult.Err != nil { + c.Err = tResult.Err + return + } else { + team = tResult.Data.(*model.Team) + } + + if team.Name != teamName { + l4g.Error("It appears you are log into " + team.Name + ", but are trying to access " + teamName) + http.Redirect(w, r, c.GetSiteURL()+"/"+team.Name+"/channels/town-square", http.StatusFound) + return + } + if len(channelId) == 0 { if strings.Index(name, "__") > 0 { // It's a direct message channel that doesn't exist yet so let's create it @@ -363,15 +380,6 @@ func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) { } } - var team *model.Team - - if tResult := <-api.Srv.Store.Team().Get(c.Session.TeamId); tResult.Err != nil { - c.Err = tResult.Err - return - } else { - team = tResult.Data.(*model.Team) - } - page := NewHtmlTemplatePage("channel", "") page.Props["Title"] = name + " - " + team.DisplayName + " " + page.ClientProps["SiteName"] page.Props["TeamDisplayName"] = team.DisplayName -- cgit v1.2.3-1-g7c22